1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • How organizations and individuals can defend against would-be ide

    From TechnologyDaily@1337:1/100 to All on Mon Jun 13 18:45:04 2022
    How organizations and individuals can defend against would-be identity thieves

    Date:
    Mon, 13 Jun 2022 17:30:26 +0000

    Description:
    Shielding against identity theft in a post-pandemic world.

    FULL STORY ======================================================================

    It's a buyer's market for criminals with an eye for identity theft . Thanks
    to workforces everywhere still being scattered post-COVID, employees are more vulnerable than ever to social engineering tactics. Additionally, once protected by robust on-premise security and corporate networks, sensitive
    data is now accessible via unsecured home environments.

    What's more, organizations across the globe are scrambling to digitize their processes, regulators have yet to enforce remote security procedures, and our most valuable data can now be accessed via easily penetrable devices on a basic home network.

    It's more important than ever that IT teams ensure their remote workforce is educated and enabled to deal with increasingly sophisticated criminal attempts.

    Before delving into how to protect against identity theft, it's important to understand the two core avenues criminals utilize. Here's our list of the
    best secure router on the market Check out our list of the best VPN services on the market We've built a list of the best encrypted messaging services around Social engineering

    Intruders looking to perform identity theft first undergo what can often be a lengthy process of social engineering. This means stealing minor information specific to the user they are targeting and using it, alongside intimidation tactics, to blend some truth into a narrative with the user, such as requests from a bank or trusted brand asking for verification or even answers to security questions. Once the victim divulges this information, the attacker can use it to seize total control of the users online identity and wreak
    havoc throughout the enterprise network. Home network devices

    With most, if not all, of the average workforce now being based at home, cybercriminals can bypass the more robust security of the physical office perimeter and find a way in through a less secure device sitting on the same home network as a company laptop or tablet . This is particularly concerning for banks and other financial organizations housing lucrative data. Once an attacker breaks into the network, they can move laterally throughout the network and do what they do best.

    With these routes to identity theft acknowledged, its up to IT teams to
    create strict procedures that enforce the best possible defense and ensure users accessing the network are equipped to correctly identify and mitigate threat attacks in the case that these defenses dont work.

    As always, the first and most effective thing IT leaders can do is create an atmosphere of caution amongst their colleagues. This means adopting a zero trust approach to business communications - digital or otherwise. If users arent expecting an email asking for specific information, they should phone the sender to verify the request. That goes for any communication - if there is a second way of authenticating the person at the other end of the email or phone, it must become second nature. It is an extremely simple method, but
    its also the most effective. Its awareness like this, almost common sense, that is often lost as businesses scramble to digitize themselves. Despite all of the security solutions available, humans still play a pivotal role in defending or failing an organization. Attackers will remember this, but organizations often forget.

    Another vital tool in any defense is multi-factor authentication. By
    requiring more than one set of data from a user looking to access sensitive files or networks, the chance of a successful breach due to identity theft is immediately reduced. So, if your online identity is stolen, multi-factor authentication acts as a final safety net. If you cant identify somebody, you cant authenticate them. If you cant authenticate them, you cant provide the correct actor privilege level - which is how these compromises typically occur.

    Network segregation is a reliable way to prevent criminals from accessing and laterally moving through an enterprise network, having accessed it through a weak security point at a users home. By providing remote workers with a separate network dedicated entirely to their workloads, IT leaders can remove these new security blind spots - in the form of the connected home - and
    close one of the prime avenues used by those attempting identity theft. Stay vigilant

    Identity theft attempts and remote working practices are here to stay, though the idea of total protection is gone. Nobody can fully protect, and so we
    must instead focus on defending for the inevitable. Beyond the above actionable tips for combating identity theft, IT teams and their
    organizations must embrace a larger sense of vigilance, awareness, and consistency when composing themselves and interacting with others online. We've also highlighted the best password manager



    ======================================================================
    Link to news story: https://www.techradar.com/news/how-organizations-and-individuals-can-defend-ag ainst-would-be-identity-thieves/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)